Security vulnerability in NaCl on x86-32

Skip to first unread message

Cliff L. Biffle

Jan 13, 2010, 2:53:38 PM1/13/10
We have found a vulnerability in Native Client for x86-32. The hole
has been present in all releases of Native Client since August. It
may allow untrusted code to jump to arbitrary locations within its
code segment, effectively subverting the validator's notion of the
instruction stream.

Because official Native Client releases only allow execution of code
served from localhost, we do not expect this vulnerability to cause
problems in the wild. We have fixed it for the next Native Client
release. However, if any users have disabled or worked around the
localhost restriction, they should update past r1313 and recompile.

This does not affect ARM.

More details and a brief postmortem here:

Cliff L. Biffle
Native Client Team
Google, Inc.

Reply all
Reply to author
0 new messages